Cyber: US warns of Iranian hackers targeting critical infrastructure
Iranian-linked hackers are targeting Internet-exposed Rockwell/Allen-Bradley programmable logic controllers (PLCs) on the networks of U.S. critical infrastructure organizations. The warning came earlier today in the form of a joint advisory authored by the FBI, CISA, NSA, the Environmental Protection Agency (EPA), Department of Energy (DOE), and the United States Cyber Command – Cyber National Mission Force (CNMF).

The authoring agencies said that these ongoing attacks have targeted organizations across multiple U.S. critical infrastructure sectors (including Government Services and Facilities, Water and Wastewater Systems, and Energy), and have resulted in financial losses and operational disruptions since March 2026.

"The FBI assesses a group of Iranian-affiliated APT actors are targeting internet-exposed PLCs with the intent to cause disruptions—including maliciously interacting with project files, and manipulating data displayed on HMI and SCADA displays—to U.S. critical infrastructure organizations," the advisory warns. "Iranian-affiliated APT targeting campaigns against U.S. organizations have recently escalated, likely in response to hostilities between Iran, and the United States and Israel."

"The FBI identified that this activity resulted in the extraction of the device's project file and data manipulation on HMI and SCADA displays," the U.S. agencies added.

A similar advisory issued in November 2023 warned that the CyberAv3ngers threat group, affiliated with the Iranian Government Islamic Revolutionary Guard Corps (IRGC), had been exploiting vulnerabilities in U.S.-based Unitronics operational technology (OT) systems. Between November 2023 and January 2024, CyberAv3ngers hackers compromised at least 75 Unitronics PLC devices across multiple waves of cyberattacks, half of which were in Water and Wastewater Systems (WWS) critical infrastructure networks.
Source: BleepingComputer